Re: [apparmor] Problems with IPv6

2013-06-24 Thread John Johansen
On 06/24/2013 08:09 PM, Simon Deziel wrote: > Hi Aaron, > > On 13-06-24 10:28 PM, Aaron Lewis wrote: >> Hi guys, >> >> I have two problems when IPv6 is enabled, >> >> A. for chrome browser, >> >> I don't know how to define a "sub" profile without knowing absolute >> path of Chrome_IOThread >> >> [

Re: [apparmor] Problems with IPv6

2013-06-24 Thread John Johansen
On 06/24/2013 07:28 PM, Aaron Lewis wrote: > Hi guys, > > I have two problems when IPv6 is enabled, > > A. for chrome browser, > > I don't know how to define a "sub" profile without knowing absolute > path of Chrome_IOThread > > [ 771.956817] type=1400 audit(1372127142.646:1647): apparmor="DEN

Re: [apparmor] Retrofitting & access-control impedance mismatch for MinorFs

2013-06-24 Thread Rob Meijer
On Mon, June 24, 2013 22:22, John Johansen wrote: > On 06/24/2013 12:16 AM, Rob Meijer wrote: >> I'm working on a retrofit version of the MinorFs system and one >> particular >> 'fix' seems to lead to the large scale promotion of processes to >> confusable deputies. >> >> MinorFs consists of multip

Re: [apparmor] Problems with IPv6

2013-06-24 Thread Simon Deziel
Hi Aaron, On 13-06-24 10:28 PM, Aaron Lewis wrote: > Hi guys, > > I have two problems when IPv6 is enabled, > > A. for chrome browser, > > I don't know how to define a "sub" profile without knowing absolute > path of Chrome_IOThread > > [ 771.956817] type=1400 audit(1372127142.646:1647): appa

[apparmor] Problems with IPv6

2013-06-24 Thread Aaron Lewis
Hi guys, I have two problems when IPv6 is enabled, A. for chrome browser, I don't know how to define a "sub" profile without knowing absolute path of Chrome_IOThread [ 771.956817] type=1400 audit(1372127142.646:1647): apparmor="DENIED" operation="create" parent=1 profile="/usr/lib/chromium/chr

[apparmor] [GSoC 2013-apparmor] Week 1 Summary and Progress Report

2013-06-24 Thread Kshitij Gupta
Hello, I had a lot of fun and spent the first week of the GSoC coding some basic libraries related to my project. The detailed progress report and plans for the next week can be read in the following blogpost: http://kshitijblogs.blogspot.in/2013/06/week-1-getting-hang-of-things.html Looking for

Re: [apparmor] [PATCH 2/7] libapparmor: fix return value of aa_getpeercon_raw

2013-06-24 Thread Tyler Hicks
On 2013-06-24 15:20:53, Seth Arnold wrote: > On Mon, Jun 24, 2013 at 12:10:29PM -0700, Tyler Hicks wrote: > > As you'll see later in the man page patch, the return code and the > > resulting value of the *size parameter can be different. If the buffer > > passed into aa_getpeercon_raw() is too shor

Re: [apparmor] [PATCH 2/7] libapparmor: fix return value of aa_getpeercon_raw

2013-06-24 Thread Seth Arnold
On Mon, Jun 24, 2013 at 12:10:29PM -0700, Tyler Hicks wrote: > As you'll see later in the man page patch, the return code and the > resulting value of the *size parameter can be different. If the buffer > passed into aa_getpeercon_raw() is too short for getsockopt() to store > the requested option,

Re: [apparmor] [PATCH 7/7] libapparmor: Update library version info

2013-06-24 Thread Tyler Hicks
On 2013-06-24 14:47:13, John Johansen wrote: > On 06/24/2013 02:34 PM, Seth Arnold wrote: > > On Sun, Jun 23, 2013 at 04:23:19PM -0700, Tyler Hicks wrote: > >> Interfaces were changed, so current is incremented and revision and age > >> are zeroed. > >> > >> Signed-off-by: Tyler Hicks > > > > Ack

Re: [apparmor] [PATCH 7/7] libapparmor: Update library version info

2013-06-24 Thread Tyler Hicks
On 2013-06-24 14:34:24, Seth Arnold wrote: > On Sun, Jun 23, 2013 at 04:23:19PM -0700, Tyler Hicks wrote: > > Interfaces were changed, so current is incremented and revision and age > > are zeroed. > > > > Signed-off-by: Tyler Hicks > > Acked-by: Seth Arnold > > Are there other changes that we

Re: [apparmor] [PATCH 7/7] libapparmor: Update library version info

2013-06-24 Thread John Johansen
On 06/24/2013 02:34 PM, Seth Arnold wrote: > On Sun, Jun 23, 2013 at 04:23:19PM -0700, Tyler Hicks wrote: >> Interfaces were changed, so current is incremented and revision and age >> are zeroed. >> >> Signed-off-by: Tyler Hicks > > Acked-by: Seth Arnold > Hrmm I would even say don't apply this

Re: [apparmor] [PATCH 7/7] libapparmor: Update library version info

2013-06-24 Thread Seth Arnold
On Sun, Jun 23, 2013 at 04:23:19PM -0700, Tyler Hicks wrote: > Interfaces were changed, so current is incremented and revision and age > are zeroed. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold Are there other changes that we can or should "bundle" along with this change? It's not ever

Re: [apparmor] [PATCH 6/7] libapparmor: Update aa_getcon man page to reflect getpeercon changes

2013-06-24 Thread Seth Arnold
On Sun, Jun 23, 2013 at 04:23:18PM -0700, Tyler Hicks wrote: > Add aa_getpeercon_raw() to the man page and adjust aa_getpeercon() > prototype to include the new mode parameter. > > Also, explain the significance of ERANGE for aa_getpeercon_raw() and fix > a misspelling in the meaning of ERANGE. >

Re: [apparmor] [PATCH 4/7] libapparmor: Parse mode from confinement string in getpeercon functions

2013-06-24 Thread Seth Arnold
On Sun, Jun 23, 2013 at 04:23:16PM -0700, Tyler Hicks wrote: > The functions that return the confinement information of a peer socket > connection should parse and return the mode like the task-based > functions. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold > --- > libraries/libapparm

Re: [apparmor] [PATCH 5/7] libapparmor: Make aa_getpeercon_raw() similar to aa_getprocattr_raw()

2013-06-24 Thread Seth Arnold
On Sun, Jun 23, 2013 at 04:23:17PM -0700, Tyler Hicks wrote: > The parameter names are slightly different in the two functions. Rename > buffer to buf and rename size to len to make the two function prototypes > look similar. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold > --- > librar

Re: [apparmor] Retrofitting & access-control impedance mismatch for MinorFs

2013-06-24 Thread John Johansen
On 06/24/2013 12:16 AM, Rob Meijer wrote: > I'm working on a retrofit version of the MinorFs system and one particular > 'fix' seems to lead to the large scale promotion of processes to > confusable deputies. > > MinorFs consists of multiple user-space file-systems. At the core of the > system we

Re: [apparmor] [PATCH v2] Fix mount rule preprocessor output

2013-06-24 Thread Seth Arnold
On Mon, Jun 24, 2013 at 11:47:50AM -0700, Tyler Hicks wrote: > Currently, mount rule preprocessor output is incorrect: > > $ echo '/t { mount options=ro /s -> /d, }' | apparmor_parser -p > /t { mountmount =ro /s -> /d, } > $ echo '/t { mount options in (ro) /s -> /d, }' | apparmor_parser -p > /t {

Re: [apparmor] [PATCH 3/7] libapparmor: Move mode parsing into separate function

2013-06-24 Thread Seth Arnold
On Sun, Jun 23, 2013 at 04:23:15PM -0700, Tyler Hicks wrote: > The getpeercon functions need to parse the mode from the confinement > string. This patch creates a function that aa_getpeercon_raw() and > aa_getprocattr_raw() can both use. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold > -

Re: [apparmor] Moving/Porting certain files like parsers to a library

2013-06-24 Thread John Johansen
On 06/23/2013 07:07 AM, Kshitij Gupta wrote: > Hello, > > There are few useful functions present in the native C code like the > parsers, which are also needed at other places like profile tools. > > It may be a good idea to actually have the code available as a library > to avoid re-writing every

Re: [apparmor] DBus rule syntax for subject and peer components

2013-06-24 Thread John Johansen
On 06/23/2013 05:28 AM, Christian Boltz wrote: > Hello, > > Am Freitag, 21. Juni 2013 schrieb John Johansen: >> On 06/21/2013 07:07 AM, Steve Beattie wrote: >>> On Thu, Jun 20, 2013 at 11:41:21AM -0700, Tyler Hicks wrote: > # Talks to system and session buses dbus (send receive) bus

Re: [apparmor] [PATCH 2/7] libapparmor: fix return value of aa_getpeercon_raw

2013-06-24 Thread Tyler Hicks
On 2013-06-24 11:52:05, Seth Arnold wrote: > On Sun, Jun 23, 2013 at 04:23:14PM -0700, Tyler Hicks wrote: > > From: John Johansen > > > > Return the total size of the security context on success > > as documented. > > > > Signed-off-by: John Johansen > > The implementation of this idea is fine

Re: [apparmor] [PATCH 2/7] libapparmor: fix return value of aa_getpeercon_raw

2013-06-24 Thread Seth Arnold
On Sun, Jun 23, 2013 at 04:23:14PM -0700, Tyler Hicks wrote: > From: John Johansen > > Return the total size of the security context on success > as documented. > > Signed-off-by: John Johansen The implementation of this idea is fine. But the *size parameter is already being updated with the l

[apparmor] [PATCH v2] Fix mount rule preprocessor output

2013-06-24 Thread Tyler Hicks
Currently, mount rule preprocessor output is incorrect: $ echo '/t { mount options=ro /s -> /d, }' | apparmor_parser -p /t { mountmount =ro /s -> /d, } $ echo '/t { mount options in (ro) /s -> /d, }' | apparmor_parser -p /t { mountmount in (ro) /s -> /d, } This is due to incorrect placement of D

Re: [apparmor] [PATCH] Fix mount rule preprocessor output

2013-06-24 Thread Tyler Hicks
On 2013-06-24 11:15:47, Seth Arnold wrote: > On Sun, Jun 23, 2013 at 03:50:45PM -0700, Tyler Hicks wrote: > > Currently, mount rule preprocessor output is incorrect: > > > > $ echo '/t { mount options=(rw,nosuid) /dev/sda3 -> /home, }' \ > > | apparmor_parser -p > > /t { mountmount =(rw,nosuid)

Re: [apparmor] [PATCH 1/7] libapparmor: Safeguard aa_getpeercon buffer reallocation

2013-06-24 Thread Seth Arnold
On Sun, Jun 23, 2013 at 04:23:13PM -0700, Tyler Hicks wrote: > From: John Johansen > > Protect against bugs in AppArmor's getsockopt() LSM hook from sending > aa_getpeercon() into an infinite loop. > > Signed-off-by: John Johansen Acked-by: Seth Arnold > --- > libraries/libapparmor/src/kern

Re: [apparmor] [PATCH] Fix mount rule preprocessor output

2013-06-24 Thread Seth Arnold
On Sun, Jun 23, 2013 at 03:50:45PM -0700, Tyler Hicks wrote: > Currently, mount rule preprocessor output is incorrect: > > $ echo '/t { mount options=(rw,nosuid) /dev/sda3 -> /home, }' \ > | apparmor_parser -p > /t { mountmount =(rw,nosuid) /dev/sda3 -> /home, } > > This is due to incorrect pla

[apparmor] Retrofitting & access-control impedance mismatch for MinorFs

2013-06-24 Thread Rob Meijer
I'm working on a retrofit version of the MinorFs system and one particular 'fix' seems to lead to the large scale promotion of processes to confusable deputies. MinorFs consists of multiple user-space file-systems. At the core of the system we have a filesystem called CapFs that uses sparse-caps t